“Shields Up” Can Help Organizations Protect Against State-sponsored Cyberattacks
In the Star Trek TV series, the phrase “Shields up!” is a battle cry to alert the crew of an incoming threat. They instantly activate a force field that encloses the starship Enterprise and protects it from attack. But the Shields Up concept was not dreamed up in a TV show writers’ room. Shields up was a military defensive tactic employed by ancient warriors, when soldiers were exhorted to hold their shields above their heads to form an overlapping wall that would protect the whole phalanx from outside attack.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is putting the phrase and the tactic to work in its recent Shields Up campaign. Shields Up stresses that all U.S. organizations should adopt a heightened cybersecurity posture and prepare to defend themselves against potential disruptive Russian-sponsored cyberattacks in the wake of Russia’s invasion of Ukraine.
Shields Up guidance includes recommended actions for organizations, regardless of size or sector, and advises that once they follow these steps, they stand a good chance of improving their cybersecurity posture and resilience:
1. Reduce the likelihood of a damaging cyber intrusion:
• Implement multifactor authentication for remote access to networks and for privileged or administrative access.
• Make sure software is up to date and systems are patched, giving priority to the known exploited vulnerabilities CISA has identified.
• For cloud services, employ strong controls as outlined by CISA.
• Disable ports and protocols that are not essential to the business.
• Employ vulnerability scanning, conduct phishing exercises, and initiate penetration tests to reduce exposure to threats.
2. Take steps to quickly detect a potential intrusion:
• Focus on identifying and assessing unusual or unexpected network behavior.
• Protect the whole network with updated anti-virus/anti-malware software.
3. Ensure that the organization is prepared to respond if an intrusion occurs:
• Establish a trained and cybersecurity-focused incident response team with clearly defined roles.
• Conduct tabletop exercises that mimic possible attacks to prepare staff for responding quickly and effectively.
4. Maximize the organization’s resilience to a destructive cyber incident:
• Have backups for all critical data that are isolated from network connections.
• Test these backups to be sure the critical data can be restored in the case of ransomware or cyberattacks.
To help organizations that may have difficulty finding the resources for these crucial security upgrades, CISA has compiled free cybersecurity services and tools.
The Shields Up website includes a section for corporate leaders, CEOs, and others in senior management roles. They are urged to make security investment a top spending priority; train staff to report any indications of malicious cyberactivity, even if it seems like their security controls are able to block it; stand up test response plans and participate in tabletop exercises; prepare a ransomware response; focus on continuity of critical business systems; and plan for a worst-case scenario.
Another section offers steps people can take to protect their home systems and personal devices. These include using multifactor authentication on all their accounts; turning on the automatic software update feature on all their systems, including cell phones and tablets; being on the lookout for phishing emails and never clicking on links or downloading attachments in them; and using strong passwords.
Organizations should make it a security best practice to monitor the CISA Shields Up website to stay abreast of the latest information on real threats from Russia and elsewhere, including known exploits that CISA has identified. The website includes additional resources, checklists, and ransomware guides.
For more information on building a sound cybersecurity strategy that includes CISA-approved best practices, contact TalaTek.